Machine-to-machine or mobile-to-machine wireless connectivity is available in a variety of forms for a variety of applications. All of those forms need to broadcast a data stream during at least one leg of the communication path, which has traditionally made them unsuitable for delivering messages in high-security applications such as network administration. Consequently, the use of non-broadcast modes is desirable over as much of that path as possible; for example, the Internet is an inexpensive means of reducing the exposure of a data stream to interception. However, when the most significant events requiring network administration arise, those same events may result in loss of access to various modes, including the Internet. Consequently, there is a need to be ready and able to efficiently deliver a communication stream using at least one alternate mode in the event the primary mode is not available, such as happens when a cable, a router or an intermediate server fails.
Examples of known infrastructure supporting different modes of communication include:
1. telephony (analog and digital), including MAN or WAN using them:
   land line voice channels: PSTN or ISDN (wire or fibre-optic)
   cellular voice: UMTS, CDMA, TDMA, and GSM (GPRS, HSCSD, SMS)
   cellular data: DataTAC, Mobitex, MMS
2. microwave network or direct connection
3. satellite, including Globalstar, MSAT, DataNet
4. other radio, including Bluetooth, 802.11b WLAN, VHF, UHF
5. laser, infrared, and other direct connections
Examples of known devices capable of use for multi-mode communication (current devices tend to offer only cellular and satellite in a single device) include:
1. The QUALCOMM Globalstar GSP-1600 Portable Tri-Mode Satellite Phone, for use in areas where cellular coverage is either unavailable or inaccessible. The GSP-1600 permits digital calls (utilizing CDMA (IS-95)), analog calls (AMPS (IS-41)), and calls on the Globalstar system, for use when digital and analog are not available.
2. The Siemens S55 tri-band E-GSM, GSM 900/1800/1900 and Bluetooth phone.
3. The Nokia 7210 tri-band phone, which operates in three networks (EGSM 900 and GSM 1800/1900), providing coverage on five continents.
4. The Nokia D211, a multi-mode radio card for a compatible portable computer that enables network access through GPRS, HSCSD, and wireless LAN networks.
Various ‘wired’ methods are an important element of any alternate path for remote access since wireless technology is also susceptible to attack or technical failure. Telephone modems embedded in or connected to a wireless input device (“WID”) or a managed entity (also, IP based LAN or WLAN, MODBUS, and RS-232, 422, 485) are examples, but it is also important to understand distinctions between the many forms of wired infrastructure available.
A number of defined words and phrases used in this document are explained below:
Public Switched Telephone Network—is the collection of interconnected systems operated by various telephone companies and administrations (telcos and PTTs) around the world. The “PSTN” is also known as the Plain Old Telephone System (POTS), in contrast to xDSL (“Digital Subscriber Line”) and ISDN (“Integrated Services Digital Network”). The PSTN began as analogue with a human-operated circuit switching system that progressed to electromechanical switching, but is now almost completely digital and electronically switched—often except for the final connection (the “last mile”) to the subscriber. The output signal of voice phone devices remains analogue, and is usually transmitted over a twisted pair cable, until it reaches a telephone company central office where it is normally digitised by taking 8000 samples per second at 8 bits per sample to form a 64 kb/s data stream known as DS0. Several DS0 data streams or channels are combined: in the US 24 DS0 channels are multiplexed into a T1, in Europe 31 DS0 channels are multiplexed into an E1 line. These can be further combined into larger streams for transmission over high-bandwidth core trunk lines, at the receiving end of which the channels are de-multiplexed and the digital signals are restored to analogue for delivery to the recipient device. While the impact of such conversions is inaudible for the purposes of voice communication, they can affect digital communication, such that additional signal processing is required in order to use such infrastructure as an alternate mode for network administration. The additional signal processing may be provided by the channel service provider, by the user, or by various combinations of the two.
Integrated Services Digital Network—“ISDN” is a set of communication standards (intended to eventually replace the “PSTN”), offered by local telephone companies, which allow a single wire or optical fibre to carry voice, digital network services and video. ISDN was first published in 1984 and uses existing PSTN infrastructure, but upgraded so that the basic “voice call” is on a 64 kbps all-digital end-to-end channel. Packet and frame modes are also available. There are different capacities of ISDN connection of varying bandwidth, Pulse Code Modulated at different data transfer rates and designated by “DS level” or Data Service level being a classification based on transmitting one or more voice conversations per digitized data stream. The most common DS levels are DS0 (a single conversation) and DS1 (24 conversations multiplexed).
DS0: 1 channel, PCM at 64 kbps
DS1 or T1: 24 channels, PCM at 1.544 Mbps
DS1C or T1C: 48 channels, PCM at 3.15 Mbps
DS2 or T2: 96 channels, PCM at 6.31 Mbps
DS3 or T3: 672 channels, PCM at 44.736 Mbps
DS4 or T4: 4032 channels, PCM at 274.1 Mbps
Each channel is equivalent to one voice channel. T1C through T4 are rarely used apart from microwave links. A Basic Rate Interface is two 64K “bearer” channels and a single “delta” channel. A Primary Rate Interface (“PRI”) in North America and Japan consists of 24 channels, usually 23 B+1 D channel with the same physical interface as T1. Elsewhere the PRI usually has 30 B+1 D channel using an E1 interface. A Terminal Adaptor (TA) can be used to connect ISDN channels to existing data interfaces such as EIA-232 and V.35. Different services may be requested by specifying different values in the “Bearer Capability” field in the call setup message. One ISDN service is “telephony” (i.e. voice) that can be provided using less than the full 64 kbps bandwidth but requires the same special processing or bit diddling as ordinary PSTN calls. Data calls have a Bearer Capability of “64 kbps unrestricted”.
T1 is a common term for a legacy digital carrier (ISDN line) facility used to transmit a DS1 formatted digital signal. T1 transmission uses a bipolar Return To Zero alternate mark inversion line-coding scheme to keep the DC carrier component from saturating the line. Since much infrastructure is based on T1, signals formatted this way are now commonly either further combined for transmission via faster circuits, or de-multiplexed into 64 kbps circuits for distribution. T1 signals can be transported on unshielded twisted pair telephone lines, the signals consisting of pips of a few hundred nanoseconds width, each inverted with respect to the one preceding. At the sending end the signal is 1 volt and no less than 0.01 volts when received such that repeaters are required every 6000 feet. Information is carried in the relative timing of the signals, not their polarity. When a long sequence of bits in the transmitted information would cause no pip to be sent, “bit stuffing” is used so the receiving apparatus will not lose synch with the sending clock. Traditionally, T1 circuits require one twisted pair line for each direction, although newer equipment can use each of the two lines at half the T1 rate, in full-duplex mode, advantageously half the sent and half the received information is mixed on any one line, making low-tech wiretaps less a security threat.
The OSI protocol or “Open Systems Interconnection” layer model comprises 7 specific functional layers, being: Application, Presentation, Session, Transport, Network, Data Link and Physical. Tele services cover all 7 layers of that model and are seen at the terminal equipment. Bearer services cover only the lower 3 layers (Network, Data Link and Physical) of the model and are seen at the interface between the network and the subject device. For example, GSM “data over cellular” services are part of the GSM “bearer” services defined by the GSM governing body, which defines an internationally accepted digital cellular telephony standard that has more than 300 GSM mobile networks. These data capabilities are an enhancement of the original voice-only GSM specification. Wireless network administrators deal mainly with 2 layers, Session and Transport, because it is at these layers that security problems arise when only generic forms of processing are used: such processing provides flexible access suitable for business transactions, but not for securing the transfer of administrative commands.
Wireless telephone networks can include many cells, each cell having a base station (a.k.a. Base Transceiver Station, or BTS) that communicates with a Wireless Input Device or “WID” (e.g. a Mobile Subscriber Unit or “MSU”) currently located in that cell. When a WID is switched on, it transmits a broadcast signal detected by a BTS with which it establishes communications during a process called registration. Base stations include: receivers, amplifiers, transmitters, an antenna, and other hardware and software for sending and receiving signals and converting between radio frequency (“RF”) signals and digital signals. BTS also have access to an uplink that communicates between a cell and the Mobile Switching Center (“MSC”) with which it is associated. Uplinks can be fibre-optic cable or wireless means such as microwave operating at 1.544 Mbps or more.
A network typically has several MSCs that handle communication with a cluster of BTS and WIDs. MSCs route all authorized communication in their cluster and issue instructions to the BTS. MSC are also linked to databases recording information necessary to authorize and track WID subscribers, including a Home Location Register (HLR) that records the fact of the registration with a BTS (the physical location of which BTS is known) of each mobile WID within that MSC's coverage area. A mobile WID may be switched off after registration with a particular BTS such that it does not register with a different BTS as it moves into a different service area or cell. The WID may later register with a BTS located a great distance away and in the coverage area of a different MSC. HLR data can be shared among MSCs, however there can be one HLR for an entire network. Digital networks include an authentication center to ensure that a WID or user is who he or she claims to be, thereby reducing piracy. MSCs route communication to the network's Gateway Mobile Switching Center (GMSC) that accepts calls from all MSCs and routes each call to its final destination. There is one GMSC per network, which can route calls to either a wired network (e.g. the InterNet) or directly to another cellular system if the wireline is not available. A person of skill in the art of cellular communication would understand that either a WID or a device seeking communication with a WID may initiate a call.
The sequence of connection for a conventional mobile device comprises:
1. The mobile WID registers with a BTS, and may also re-register by linking to a new BTS as it moves between cells.
2. The BTS alerts the MSC respecting the cell (hence physical location) in which the WID has registered, and the MSC updates its primary HLR DB.
3. A pre-authorized call arrives at the GMSC for the subject WID.
4. At least one MSC looks to at least one HLR to obtain information from the system's DBs to locate the subject WID and the nearest BTS.
5. The MSC transfers, via direct fibre-optic or wireless broadcast, the signal (data and/or voice) only to the correct BTS.
6. The BTS broadcasts the signal into the cell where (if located) the subject WID detects and decodes it. However, all WIDs and suitable receivers that are active in that cell detect the broadcast, though only a subset are supposed to respond. And, at the cell boundaries more than one BTS may broadcast the signal.
A number of incompatible protocols are used to operate digital cellular networks, including GSM, Code Division Multiple Access (CDMA), and Time Division Multiple Access (TDMA). A GSM network allows data streaming (the digital equivalent of modem transmissions) at speeds of up to 9.6 kbps, which is slower and two generations older than the V.90 analogue 56 kbps delivered over standard PSTN lines. The key to delivering these enhanced services is SS 7 (Signaling System Number 7), a robust protocol designed to provide fast, efficient, reliable transfer of signaling information across the GSM. SS 7 is the multimedia specification of GSM, providing data, sound (voice mail) and images (fax mail) to the user. SS 7 enables extremely fast data connections among mobile switching centres (MSCs), permitting the networks to obtain enhanced services data while the call is being connected. The SS 7.05 subset defines SMS (short message services), by which text messages of up to 160 characters can be passed to and between GSM mobile devices. CDMA is also known as spread spectrum technology because it uses a low-power signal that is “spread” across a band of frequencies.
Wireless devices use several unique identifiers (e.g. Mobile Identification Number (MIN), System ID (SID), Electronic Serial Number (ESN), Subscriber Identity Module (SIM)) for three main purposes: network identification and operation, subscriber or accounting identification and operation, and security. Network identification numbers such as MIN and SID tell the network who the user is, where the user is located and how the network can reach that user (phone number). These numbers are also used to identify user information to ensure that voice or data signals are not coded for the wrong device; the methods used to ensure this depend on the network technology. For example, the CDMA network uses a pair of pseudo-noise (“PN”) sequences (PN-sequences are periodic binary sequences that are usually generated by means of a linear feedback shift register) combined with a set of mutually orthogonal codes (called the Walsh code) to ensure orthogonality between the signals for different users receiving from the same base station. This combination of PN code offset, assigned Walsh code and assigned frequency makes up the coded channel used for the duration of the call. This type of channel coding is referred to as “Spread Spectrum” modulation, meaning that all users can transmit and receive data at the same time. In contrast, the TDMA network divides the channel into sequential time slots and assigns a unique time slice for the duration of the call to each device, which is only allowed to transmit and receive data within its time slice. The SIM module contains other unique identifiers that provide information such as who the carrier is (where the network should send the bill), what advanced calling features are active, and whether the user is allowed to make long distance phone calls.
Identifiers such as the ESN fall into the category of security and are used to facilitate common security checks that include making sure the device is registered with a valid subscription, and locating stolen wireless devices.
Depending on the network technology, a variety of methods are used to ensure that information only passes between the parties to the communication. On the CDMA network each phone call is assigned a unique coded channel. For the duration of the phone call (or data connection) only the parties can send information on that coded channel. Channel coding is a very complex algorithm that allows the device to create a unique signal that is highly compressed (permitting more connections on the same frequency) and to ensure uniqueness on this frequency. When a connection request is made, each party is given a series of numbers that are only valid for the length of time the connection exists; these numbers are used to calculate channel code, modulation, spreading and filtering, which together produce a uniquely encoded message.
A CDMA call is assigned an identifying code that identifies the call to all active and compatible receiving devices, facilitating the intended receiving phone accepting and storing elements of the call, but in no way blocking other phones from doing the same. Using the identifying code and a low-power signal (limiting the effect of broadcast to the subject cell), a large number of calls can be carried simultaneously on the same group of channels, which operate in a sense on an “honor system”; hence alternate means are required to preclude unintended recipients using intercepted transmissions. Conventional unique identifiers (e.g. PIN, MAN, IMEI, IP) are akin to the “call codes” of CDMA, which facilitate authorized use by assisting in the identification of the intended recipient device or providing the physical address at which it is expected to be located. The conventional method of using identifiers does not address security at all, because in order to be useful such identifiers must be “sent in the open”, permitting mobile recipients to determine upon detection or interception of an identifier whether or not the device should act. Consequently, it is desirable to use an identifier, such as the PIN of a WID, to further encode or otherwise secure the data stream, since the identifier by itself cannot target the transmission to any greater extent than the normal direction of the data stream to the MSC with which the WID last registered.
TDMA is a technology designed to increase the channel capacity by breaking the data stream into segments and assigning each segment to a different time slot, each slot lasting a fraction of a second, such that a single channel can be used to handle a number of simultaneous phone calls. Unique identifiers are assigned to each WID each time it registers or connects to the network, for a session, to allow the subject WID to encode messages during that session on the TDMA network. An identifier is only valid for the length of the call for which it is used; however, it does not ensure privacy or security. The unique identifier only makes it easier for the network to pass information between the WID and its intended recipient; it does not ensure that third parties do not have access to the unique identifiers or that the signal will not be picked up by an unintended third party. Wireless signals by their broadcast nature are accessible to anyone in proximity of the physical signal. And since the various channel encoding techniques are published algorithms that are available to the public, they remain susceptible to abuse. Some benefit results from localizing broadcasts to a high probability zone for finding the correct WID; however, even so, stationary installations such as a Managed Entity remain exposed to improper use of detectable broadcasts by persons seeking access, making it less useful for delivering information securely. GPRS, HSCSD, SMS, and EDGE have encryption features, but are examples of GSM, which is based on TDMA. GSM is deployed worldwide, making it an important choice for global remote access; however, all cellular networks suffer (to differing degrees) security risk due to the use of open standards over broadcast legs of transmission.
Satellite networks such as Globalstar and MSAT have traditionally been expensive and specialized to handle only voice or data traffic. Although the uplinks are more highly directional and available to fewer participants, satellite communications, particularly the downlinks, are broadcast in nature and cannot be targeted to a particular mobile device—leaving such signals susceptible to interception and abuse. Satellite systems are another viable type of wireless telecommunications service. Instead of sending and receiving signals from a ground-based antenna, wireless phones communicate via satellites circling the earth. Geosynchronous satellites represent yet another way of providing wireless communications. These satellites, located 22,300 miles above the earth, revolve around the earth once each twenty-four hours—i.e. the same as the earth itself. Communications between two places on earth can take place by using these satellites; one frequency band is used for the uplink, and another for the downlink. Such satellite systems are excellent for the transmission of data, but not for voice communications, because of the vast distance and the resulting time it takes for an electrical signal to make an earth-satellite-earth round trip, ¼ of a second. A reply from the called subscriber takes another quarter of a second, and the resultant half a second is noticeable. Low Earth Orbit satellites (“LEOs”) are satellites that communicate directly with handheld telephones on earth. Because these satellites are relatively low (less than 900 miles) they move across the sky quite rapidly, and equipment on a satellite acts much like a cellular system (BTS), catching (packets of) a call originating from earth for transfer to an earth-based switching system (MSC). Here the cell site is moving rather than, or as well as, the WID.
Due to the speed of the satellite, it is frequently necessary to transfer a call-in-progress to a second satellite coming over the horizon as part of a string of networked satellites.
Other radio based systems (e.g. Bluetooth, 802.11b, WLAN, VHF, UHF) are either very low power and short range or are very broadly cast leaving them open to interception.
Microwave based communications have become affordable and are of limited range, but are very well-focused, making them viable options for select applications, since the security risk of interception is reduced by their increased directional control or targeting.
Laser based communications are clearly the most focused but are limited to line-of-sight ranges of approximately 15 km. Infrared—data may be transferred to and from a Managed Entity using IR transceivers. IR transceivers range from low bandwidth devices to multi-Gigabit line-of-sight units designed to connect buildings or towers without the use of wires.
MAN (“Metropolitan Area Network”) in wire or fibre-optic lines (typically physically run through subway and other tunnels) is a data network intended to serve an area the size of a large city. An example of a MAN is SMDS (Switched Multimegabit Data Service) an emerging high-speed datagram-based public data network service developed by Bellcore and expected to be widely used by telephone companies as the basis for their data networks.
Each of the above communication technologies standing alone has limited application. And, each of the foregoing modes of communication may be applied to different applications.
The remote configuration and monitoring of a vending machine including the transfer of data respecting status, inventory, product temperature, consumption and other very useful but low security data (that is not highly confidential and for which interruptions are more easily tolerated), is an existing practical application of machine-to-machine communication that may be conducted using different modes. However, the non-critical nature of the vending machine application neither requires nor suggests the need of alternate modes.
In addition to the various modes of communication useful for the various applications it is presently necessary to have some infrastructure or platform in place to permit the devices at each end to exchange data in a meaningful way. There are a number of known hard and soft interface products available for this purpose, examples of which are described below.
The Nokia 30 is a GSM connectivity terminal (i.e. a form of WID) with a built-in SIM card reader, internal antenna and interfaces for connecting to a remote device that can be used as a wireless modem for connecting to the Internet. Nokia offers a GPRS terminal and gateway middleware that bridges the GSM network and the Internet by providing a connection for two-way communication between applications located on a server and within a WID. The gateway provides open interfaces to both the application server and the wireless network, based on open, widely accepted middleware and CORBA architecture—ideal for applications such as surveillance, utility meter reading, machinery services and maintenance business. Developers may also take advantage of all possible bearers for data transmission over a GSM network.
Further, Research In Motion (“RIM”) radio modems may be integrated into a range of applications that require wireless connectivity, for example: handhelds, laptops, point-of-sale terminals, bank machines, billboards and other displays, monitoring and metering equipment, vending machines, GPS systems and automobiles. RIM's radio modems are suited for applications in a variety of wireless industries. RIM radio modems are available for all of: GSM™/GPRS, DataTAC and Mobitex. RIM offers the BlackBerry Handheld unit (i.e. a WID) offering instant email (“Always on, Always Connected”), which is akin to an interactive pager. Other known devices are available from Palm, and Handspring.
Hewlett-Packard (“HP”) also offers a conventional solution that includes tying together the OpenView product suite components on a server backbone. The Platform provides the infrastructure allowing data communications between devices and Internet-hosted applications. The Gateway is a bridging element between the GSM network and the user intranet and provides wireless connection and Internet protocol (IP) translation between applications located in the user server and in the remote devices, all of which ties into HP's OpenView management environment, used to manage the infrastructure and any alarms that come from the device connected thereto.
Further, Datalink corporation permits Wireless Data Services to be added to its DataNET (RF network) product line, which when combined with conventional UHF/VHF mobile radios is a simple to install, yet technically advanced Wireless Data Network that can provide a low cost alternative to public data networks such as CDPD and MOBITEX in large cities, or it can be quickly set-up to cover a small community with a wireless data network where it is not economically feasible for a Telco to provide packet wireless coverage. DataNET uses conventional UHF or VHF radio technologies with computer and modem technologies to create a wireless data solution for private networks including public data networks.
Ericsson offers Mobitex, which is a secure, reliable, open-standard, two-way digital, high-capacity, wireless packet switching network that makes optimal use of an allocated frequency by using packet switching to deliver an 8 kbps bit rate over a single 12.5 kHz channel. Switching intelligence is present at all levels of the network, creating minimum overhead. Even base stations are capable of routing traffic within their coverage area, eliminating unnecessary traffic at higher network levels. Mobitex provides automatic error detection and correction to ensure data integrity. Although based on digital cellular technology using overlapping radio cells, unlike other cellular systems Mobitex is a dedicated data network that uses packet switching to ensure that the network is always and instantly accessible and that the customer is billed for the number of packets transmitted, not connection time. For emergency access, Mobitex may be a good choice since it is not as likely to be overwhelmed by traffic as are voice telephone systems in 911 scenarios. To connect to a Mobitex network, all radio modems and fixed terminals (FSTs), such as hosts and gateways, must have an active Mobitex Access Number (MAN). A MAN is assigned to every user subscribing to the Mobitex network; it is analogous to a telephone number. The MAN for a mobile user is stored in the mobile's radio modem, just as a telephone number is stored inside a cellular phone. MCP/1 (“Mobitex Compression Protocol 1”) is a set of optional compression protocols used by the radio modem to enhance throughput. MTP/1 (“Mobitex Transport Protocol 1”) is a tested and standardized transport protocol that ensures packets are transmitted over Mobitex in order, and without loss (akin to TCP/IP). Data to be transmitted over Mobitex is broken up into Mobitex Packets (“MPAKs”) of maximum size 512 bytes. Packets of data are assembled and transmitted with header information respecting the sender, addressee, and the type of data.
The body contains the application data to be sent or received. To improve speed and reduce the cost of communication, the radio modem may compress the packet data before transmission.
Analogous to land-based telephone systems or dial-up Internet connections, circuit-switched communications require the establishment of a dedicated connection to be made between two parties prior to any data transfer. Once this connection has been made, the circuit (or frequency in the case of wireless communication) is tied up for the duration of the session.
Analogous to land-based Ethernet connections, a packet-switched wireless network involves the sharing of a single frequency between users. Only one user may transmit or receive at a given instant since packet networks cannot multiplex. Since only small packets of data are typically being transmitted, this scheme is ideal for many applications. Unlike circuit-switched systems, the packet-switched approach allows devices to remain continuously connected to the network, making instantaneous access and two-way paging possible. The RIM Blackberry uses this approach through a Base Radio Unit Network “BRU3”, a single channel mini base station for Mobitex networks. The BRU3 can achieve temporary coverage demands for new traffic situations such as at trade shows, sport events etc. A capacity of more than 1,500 users per base station reduces bottlenecks. End-users can send an email in seconds, transmit vehicle positions in less than two seconds, and verify a credit card transaction in less than five seconds.
The applicant's prior product “SonicAdmin” applies open standard security such as “Data Encryption Standard” or triple DES (a DES operation that takes three 64 bit keys, for an overall key length of 192 bits) in a proprietary way using 1 key (rather than 3 separate keys) together with code that is stored in a DLL. A User enters a 192 bit (24 character) key that SonicAdmin breaks into 3 sub-keys, padding the sub-keys so they are each 64 bits long. The procedure for encryption is the same as regular DES, but it is repeated three times. The data is encrypted with the first sub-key, decrypted with the second sub-key, and finally encrypted again with the third sub-key. Consequently, the Triple DES of SonicAdmin is slower than standard DES, but, if used properly, it is more secure.
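The key splitting and encrypt-decrypt-encrypt chain described above, as an added example written for this page in Go against the standard library's crypto/des. It is not SonicAdmin's code and does not reproduce the DLL-stored code the page mentions; the key bytes, the plaintext block and all function names are constructed for illustration. The example also checks the hand-built chain against Go's own three-key DES cipher and shows what happens when all three sub-keys are equal.

```go
package main

import (
	"bytes"
	"crypto/des"
	"errors"
	"fmt"
)

// DemoKey is a constructed 24-character (192-bit) key of the kind the page describes
// a user entering; it is not a SonicAdmin key. DES ignores the parity bit of each key
// byte, so each 64-bit sub-key contributes 56 bits of key material.
var DemoKey = []byte("ExampleKeyOf24Characters")

// DemoBlock is one constructed 64-bit plaintext block (DES works on 8-byte blocks).
var DemoBlock = []byte("ADMINCMD")

// splitKey divides the 192-bit key into the three 64-bit sub-keys K1, K2, K3.
func splitKey(key []byte) (k1, k2, k3 []byte, err error) {
	if len(key) != 3*des.BlockSize {
		return nil, nil, nil, errors.New("triple DES key must be 24 bytes (192 bits)")
	}
	return key[0:8], key[8:16], key[16:24], nil
}

// singleDES applies one DES encryption (or decryption) with an 8-byte key to one block.
func singleDES(key, block []byte, decrypt bool) ([]byte, error) {
	if len(block) != des.BlockSize {
		return nil, errors.New("block must be exactly 8 bytes")
	}
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	if decrypt {
		c.Decrypt(out, block)
	} else {
		c.Encrypt(out, block)
	}
	return out, nil
}

// tripleDES chains the three sub-keys. Encryption is E(K1), D(K2), E(K3);
// decryption reverses it as D(K3), E(K2), D(K1).
func tripleDES(key, block []byte, decrypt bool) ([]byte, error) {
	k1, k2, k3, err := splitKey(key)
	if err != nil {
		return nil, err
	}
	keys, ops := [][]byte{k1, k2, k3}, []bool{false, true, false}
	if decrypt {
		keys, ops = [][]byte{k3, k2, k1}, []bool{true, false, true}
	}
	out := block
	for i := range keys {
		if out, err = singleDES(keys[i], out, ops[i]); err != nil {
			return nil, err
		}
	}
	return out, nil
}

// EncryptEDE and DecryptEDE are the encrypt-decrypt-encrypt pair the page describes.
func EncryptEDE(key, block []byte) ([]byte, error) { return tripleDES(key, block, false) }
func DecryptEDE(key, block []byte) ([]byte, error) { return tripleDES(key, block, true) }

// MatchesStdlib checks the hand-built chain against crypto/des's three-key cipher.
func MatchesStdlib(key, block []byte) (bool, error) {
	ours, err := EncryptEDE(key, block)
	if err != nil {
		return false, err
	}
	ref, err := des.NewTripleDESCipher(key)
	if err != nil {
		return false, err
	}
	theirs := make([]byte, des.BlockSize)
	ref.Encrypt(theirs, block)
	return bytes.Equal(ours, theirs), nil
}

// DegeneratesToSingleDES shows why the middle step is a decryption: with K1 = K2 = K3
// the chain collapses to one DES encryption, so a repeated sub-key buys no security.
func DegeneratesToSingleDES(k, block []byte) (bool, error) {
	triple, err := EncryptEDE(bytes.Repeat(k, 3), block)
	if err != nil {
		return false, err
	}
	single, err := singleDES(k, block, false)
	if err != nil {
		return false, err
	}
	return bytes.Equal(triple, single), nil
}

func main() {
	ct, err := EncryptEDE(DemoKey, DemoBlock)
	if err != nil {
		panic(err)
	}
	pt, _ := DecryptEDE(DemoKey, ct)
	same, _ := MatchesStdlib(DemoKey, DemoBlock)
	collapses, _ := DegeneratesToSingleDES(DemoKey[:8], DemoBlock)
	fmt.Printf("ciphertext=%x roundtrip=%q matches crypto/des=%v K1=K2=K3 collapses to DES=%v\n", ct, pt, same, collapses)
}
```

The middle decryption is what makes the construction backward compatible: feeding the same 8 bytes three times yields plain single DES, which is also why a key entered as three identical sub-keys gives none of the extra strength the page attributes to proper use. The block handles one 64-bit block only; a real message needs a block mode and padding on top of this primitive.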
Known conventional technologies for administering networks wirelessly include those accessed through a web browser, using a standard micro-browser client/application running on any of a variety of PDAs, pagers, data capable cell phones or other Wireless Input Devices (“WIDS”) to access a web-server connected to the LAN or other network of Managed Entities whether in hardware or in software (including: servers, routers, desktops, modems, printers, switches, mainframes, serial or parallel devices, pagers, data capable phones, applications, services, or processes). These traditional approaches take advantage of existing infrastructure to provide an inexpensive and flexible (i.e. client WIDs need not be prepared or have client software loaded) way to access Managed Entities, but disadvantageously increase the risk of unauthorized access to the LAN or Managed Entities through the web-server component of the service, a risk that is not acceptable to many organizations.
Wireless Transport Layer Security (WTLS) is based on Transport Layer Security (TLS) (similar to Secure Sockets Layer, SSL). WTLS was developed to address the problems of mobile network devices, including: narrow bandwidth, high latency environment, limited processing power and memory capacity. TLS was modified to address the needs of wireless users because radio networks do not provide end-to-end security. TLS is a protocol that is the successor to SSL. TLS has two layers: the TLS Record Protocol and the TLS Handshake Protocol. The Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. The Record Protocol provides session security using a particular method of encryption such as DES, but can be used without encryption. TLS and SSL are not generally interoperable, but TLS can export data streams in a form suitable for use by SSL infrastructure.
Wireless Application Protocol (“WAP”) uses a specially developed protocol stack to implement the part of the wireless transmission from a WAP client device to a WAP Gateway. The WAP architecture replaces the current web server technology for the portion of data communication between a wireless device and the web server. A WAP Gateway implements the Internet protocol stack on behalf of the WAP client device. The WAP Gateway is a Service Enabling Platform. The Wireless Application Protocol (WAP) is a specification for a set of communication protocols to standardize the way in which mobile phones and wireless devices can access the Internet. The WAP concept provides the mobile network operator with a powerful environment for offering subscribers value-added services that will boost the usage of data. The WAP Gateway is an entry point for mobile users to the Internet. It provides protocol mapping between IP and WAP protocols, encoding and decoding for efficient data transfer and mobile access. Requests from the mobile devices are sent in the form of wireless mark-up language (WML) commands to the WAP Gateway. The WML request is converted into hypertext mark-up language (HTML) and sent over HTTP to the Internet application server. The WAP Gateway software comprises two parts: the basic gateway and the enhanced services. With this technology in place, Internet information can be developed and displayed on mobile devices, allowing users to access the Internet from almost anywhere. This provides the mobile user with services such as infotainment, flight schedules, weather forecasts, stock exchange information, e-commerce, etc.
WAP features include:
1. WAP serves as a proxy that fetches the requested data from Internet sites
2. protocol mapping between the Internet standard and WAP protocol
3. access to mobile data bearers
4. encoding/decoding for efficient transfer between data bearers
5. subscriber administration and service management
6. dynamic configuration data support
7. user agent profiling
8. standardized format and protocols
9. support of a wide range of mobile terminal types
Since TCP/IP is not used for communication between the WAP client and the WAP Gateway, SSL or TLS could not be used to implement the security. WTLS can sustain the low bandwidth, high latency transport layer and is derived from TLS by removing the overhead where possible without compromising security, which makes the protocol suitable for the wireless environment. Like TLS, WTLS operates on top of the wireless transport layer, also known as WDP, and below the session layer, known as WSP. However, WTLS runs on top of an unreliable datagram service, and not a reliable transport protocol like TCP/IP, creating reliability concerns respecting message exchanges across several WTLS operations. WTLS also uses digital certificates to provide for server or client side authentication, but due to the memory limitation of WAP devices certain desirable attributes are omitted from the digital certificate specifications, including the Serial Number and Issuer ID fields. A WAP Gateway is responsible for the translation of messages from one protocol to another. Just as it encodes text based WML content into binary WML format before sending, it has to decrypt TLS encoded messages, convert the content into binary format, encrypt it using WTLS and then send. The same happens when the message arrives from the WAP device. It must be decrypted, decoded and the resulting WML re-encrypted using TLS specifications and then forwarded to the application server. Consequently, the WAP Gateway sees all messages in clear text; even messages intended to be confidential throughout the transmission are exposed for a split second. That exposure is what is known as the WAP Gap, which can be addressed by setting up an internal WAP Gateway accessible only by Users of the application and configuring devices to use the new gateway for access to WAP content.
Although some WAP devices support multiple gateway configurations, switching between them as the users navigate from one application to another is difficult. Most companies that deploy an end-to-end secure solution require their users to carry phones with pre-set gateway configurations and access to WAP applications hosted on their servers only.
The web protocol used to communicate between the web-server and the micro-browser depends on the type of WID deployed. Some WIDs are capable of handling HTML such that they can be used for “direct access” to the web-server. Other WIDs are designed or set up to handle the more compact WML, such that, although their speed of operation is higher, they must access the web-server through a WAP Gateway, making them subject to the WAP Gap. Some conventional web-server implemented wireless services operate without encryption, while others use generic forms of encryption such as SSL or TLS, or deploy a 3rd party VPN security product to connect the service to the necessary web-server. Various wireless input devices are known to run a generic micro-browser, the output of which is in WTLS, communicating by radio means, typically a cellular network, through an IAS Server that authenticates the wireless user who is provided with access to the Internet, through a WAP gateway that must convert from WTLS to TLS before transfer over the Internet, to a web-server that is relatively exposed to attack because Port 80 remains “open” in order for a web-server to be accessible round the clock for requests from unknown sources, and by virtue of which crackers have a point of access to anything logically connected to web-servers. Use of such a system to provide LAN Admin services is necessarily risky because the web-server must have access to the LAN in order to pass Admin instructions from a WID to any server on that LAN. It is therefore desirable not to use a web-server for network administration applications.
Proxy technology is well known in the computing industries as a means to reduce the number of points of access by or to a LAN from the Internet. For example, commonly, proxy technologies are used as a “gateway” permitting client devices that are “sealed off” from the Internet a trusted agent that can access the Internet on their behalf, such gateway often running with a firewall positioned as a barrier to crackers. In the case of a proxy gateway the proxy technology has been applied as a “stand-in” or “proxy” for the client. In another example of a common use for proxy technology the “proxy” is applied for a server wherein caches of files that are popular are loaded onto a proxy server to fill requests for files originally from a machine that may be slower or more expensive to operate. In both cases, the true concept of proxy technology is based on a machine that actually does something on behalf of another machine, unlike a router that merely makes connections between end points permitting those machines to conduct their own affairs.
It is known that intermediate servers operating as routers eliminate the use of a web-server and the WAP gap. However, even these newer technologies suffer a number of disadvantages. For example, such newer conventional means for wireless network admin rely on the generic, industry standard SSH protocol and its security layer SSL, both of which are vulnerable to unauthorized access, including by “crackers”. Further, SSH is interpreted character by character, causing a large volume of data transfer and work on the client WID interpreting messages sent using the SSH protocol, neither of which is desirable in the narrow-bandwidth, low capacity world of portable computing devices. Similarly, SSL can only run on an SSL enabled WID and requires that security operations (as well as device management, and service functionality) be performed by the Managed Entity (e.g. a server on the LAN having business processes that it must run and that are thereby already consuming processor power or other system resources) running the SSH service. Consequently, even though some conventional SSH technologies include a machine intermediate the firewall and the LAN, that machine is restricted to operate as a router rather than as a true proxy, since its purpose (even though it may be implemented with some gateway functionality) is to provide a single point of entry through the firewall, eliminating the need for a different port in the firewall to be opened for each Managed Entity requiring access to WIDs outside the firewall.
Authentication is the process of attempting to confirm whether an entity (e.g. a device such as a WID or a User) is, in fact, what or who it has been declared to be. Authentication is commonly done using identifier (e.g. user name) and password combinations, the knowledge of which is presumed to guarantee that the user is authentic. Each user's password is initially registered, providing a measure of verification; however, passwords can thereafter be stolen, intercepted, accidentally revealed, or forgotten. The more levels of authentication, the higher the level of confidence that the entity successfully providing all “keys” is authentic. Authorization is the process of confirming that an entity has permission to do or have something, for example, to give certain commands or to access specific Managed Entities (e.g. servers) or files. A person of skill in the art would understand that authorization may take place at any or all of the network operating system (NOS), computer operating system (OS), or application levels. Logically, authentication precedes authorization although they may often appear to be combined.
Typically authentication takes place without encryption, the keys for which may be negotiated once the host confirms the identity of the entity being authenticated. Typically authentication is carried out for the User alone and not for the device, which in the context of mobile devices has the disadvantage of permitting stolen devices to remain a threat against which there is no direct protection. It is therefore desirable to engage authentication means respecting mobile input devices. A hardware element commonly referred to as a “dongle”, which generates a unique identifier (i.e. a string of characters) specific to that particular dongle, is one known means for uniquely identifying devices. To add an additional layer of security a system can require a unique identifier generated by a dongle (in addition to a user ID and password), such that parties not in possession of that dongle cannot produce the required unique identifier. The MAC address of a PC network card, or a unique identifier from a computer hard drive, may similarly be used to separate the user from the device. Consequently, if a user loses a WID that device may be locked out of the system such that someone finding it preloaded with the appropriate software would not be able to access the system and then simply keep trying to guess the appropriate user ID/password combination. Advantageously, at the same time the user is not locked out, so he or she can continue to access the system from a valid WID or PC. Cell phones similarly have unique identifiers, associating each device with a particular account, which identifiers can be used to prevent lost or stolen cell phones from accessing the cellular network. A user can contact their carrier to disable the subject account, rendering the associated cell phone inoperable.
With the proper knowledge a cell phone can be re-activated by changing the SIM card, requiring a different cell phone number, but there are even measures in place to protect against this form of cell phone fraud.
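As an added illustration (not the applicant's SonicAdmin code), the following Python sketches the device-plus-user authentication described above: a user's credential is checked together with a registered device identifier (dongle string, MAC address or drive serial), and a lost WID is revoked so it is refused even with the right password, while the user keeps access from every other registered device. All user IDs, passwords and device identifiers are constructed sample values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Set


@dataclass
class UserRecord:
    salt: bytes
    verifier: bytes                                        # PBKDF2 output, never the password
    devices: Set[str] = field(default_factory=set)         # dongle strings, MAC addresses, drive serials
    revoked_devices: Set[str] = field(default_factory=set) # devices reported lost or stolen


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Salted, iterated password verifier using only the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Authenticator:
    """In-memory user/device store (constructed for this example)."""

    def __init__(self) -> None:
        self.users: Dict[str, UserRecord] = {}

    def register(self, user_id: str, password: str, device_id: str) -> None:
        """Initial registration of the user, binding the first device at the same time."""
        salt = os.urandom(16)
        self.users[user_id] = UserRecord(salt, derive_verifier(password, salt), {device_id})

    def enrol_device(self, user_id: str, device_id: str) -> None:
        """Bind an additional device identifier (e.g. the MAC address of a PC) to the user."""
        self.users[user_id].devices.add(device_id)

    def revoke_device(self, user_id: str, device_id: str) -> None:
        """Lock out a lost WID; the user keeps access from every other registered device."""
        rec = self.users[user_id]
        rec.devices.discard(device_id)
        rec.revoked_devices.add(device_id)

    def authenticate(self, user_id: str, password: str, device_id: str) -> str:
        """Return 'ok' only when the user credential AND the device identifier both check out.
        The detailed reason strings are for the reader; a production service would return a
        single uniform 'denied' to the caller and keep the detail in its server-side log."""
        rec = self.users.get(user_id)
        if rec is None:
            # Burn a PBKDF2 computation anyway so unknown users are not faster to probe.
            derive_verifier(password, b"\x00" * 16)
            return "denied: unknown user"
        # Always compute the credential check so timing does not reveal which factor failed.
        password_ok = hmac.compare_digest(derive_verifier(password, rec.salt), rec.verifier)
        if device_id in rec.revoked_devices:
            # A revoked device is refused regardless of the password, so whoever finds it
            # gains nothing by guessing user ID/password combinations from it.
            return "denied: device revoked"
        if device_id not in rec.devices:
            return "denied: device not registered"
        if not password_ok:
            return "denied: bad credential"
        return "ok"


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("netadmin", "correct horse battery", "DONGLE-0001")  # constructed values
    auth.enrol_device("netadmin", "00:11:22:33:44:55")
    auth.revoke_device("netadmin", "DONGLE-0001")                      # WID reported lost
    print(auth.authenticate("netadmin", "correct horse battery", "DONGLE-0001"))
    print(auth.authenticate("netadmin", "correct horse battery", "00:11:22:33:44:55"))
```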
Integrity, in terms of data and network security, is the assurance that information has only been accessed or modified by persons authorized to do so. Common network administration measures to ensure data integrity include the use of checksums to detect changes to file content.
TLS is replacing SSL, in the OSI Transport Layer, as the industry standard for encryption when using TCP/IP to move packets securely across the Internet. Since most web content development now contemplates broadband access, in order to enhance performance on low power, limited capacity, narrowband wireless devices, WAP has evolved as a subset of rules permitting wireless devices to more efficiently access such graphics heavy content. WML (Wireless Markup Language) is a set of Presentation Layer commands based on XML and HTML, intended for use in specifying content (and a scaled down user interface) for narrowband devices for which reduced graphic content is appropriate. WTLS is available for use as the Transport Layer standard of generic security during the “wireless leg” of transmissions between a client and a managed entity; however, WTLS is not required for carrier dependent transmission to occur, which various implementations of WDP achieve without encryption being applied at the socket level. For example, a simple wireless device sending public information not needing to be encrypted could be used to send presentation instructions written in HTML to a web-server for display. The characters comprising the HTML would be processed for transmission in accordance with the radio carrier's particular radio network (and WDP), on the other end of which radio network they would be “de-processed” in preparation for uploading to “run over” TCP/IP across the Internet, without security. In the more common example of a sensitive message originating on a wireless device, characters written in WML (but they could be in HTML) would be encrypted at the socket level (as opposed to by the client application per se) using (generic) WTLS and then also processed in accordance with the carrier's particular radio network for transmission over the wireless portion of the journey to the message's destination.
Upon reception at the radio carrier's tower, the message must be de-processed from the earlier radio network specific processing, and then also decrypted from WTLS (for conversion to TLS), since current technologies do not permit WTLS encrypted packets to be sent over the Internet on TCP/IP. Decryption from WTLS takes place on a WAP Gateway (typically supplied by an Internet carrier) that is inherently “public” in nature. It is during the time between the decryption from WTLS and re-encryption to TLS that a “gap” in security occurs that has become known as the “WAP gap”. During the interstitial period the characters in WML would sit in an unencrypted form on the WAP Gateway, exposed to “sniffers” or other tools used by crackers to “listen” to known weak points in the Internet for subject matter of interest. Even though TLS and WTLS are “strong encryption” options, neither of them is necessary if an alternate means of security has been implemented to avoid the WAP gap. It is therefore desirable, particularly for network administration applications, to transmit information and commands using a system that does not rely on WTLS alone for security.
An “application programming interface” (“API”) is the set of calling conventions by which an application such as a network administration client accesses the operating system (“OS”) and other services. There are currently 3 conventional programming interfaces that permit network operators to access Windows operating systems for the purpose of providing administrative commands to managed entities: WIN32, ADSI and WMI (CIM). Conventional remote administration technology delivers commands (e.g. reboot), through a web-server, using these interfaces directly to the managed entity, which executes them without further enquiry, such that a risk of the unauthorized delivery of such commands exists. A person of skill in the art would understand that various of these may be implemented as a Device Driver rather than a memory-resident program.
There are currently 3 main problems associated with using wireless technology to remotely administer a computing network. First, the need to transmit signals through insecure media, such as radio frequency transmission, creates a security problem because the signals are susceptible to interception. Second, the narrow bandwidth of current input device technology (e.g. pagers, PDAs, phones) makes data exchange slow. Third, the fragile connectivity of current radio communication networks makes data exchange unreliable. Both slow and unreliable data exchange are severe practical limits on the administrative services deliverable.
To reduce the amount of data being transferred between a WID and its server, one conventional approach is to store more (LAN) information on the WID, which disadvantageously creates a serious security risk to the LAN in the event that the highly portable WID is stolen. It is therefore desirable to provide a solution that requires neither extensive transfers nor the storage of LAN data. Further, conventionally, authentication takes place without encryption—the keys for which encryption may be negotiated once the host confirms the identity of the entity being authenticated. Authentication is also traditionally carried out for the User alone and not for the device, which in the context of mobile devices has the disadvantage of permitting stolen devices to remain a threat against which there is no direct protection. It is therefore desirable to engage authentication means respecting the mobile input devices as well.
As remote devices attempt to communicate with such a LAN there will periodically be failures of various elements, including servers that permit such communication. Consequently, there are “fail-over” technologies for minimizing the disruption of access. For example, Microsoft Windows 2000 Advanced Server has a “clustering agent” to enable and configure clusters that bind several servers to appear as one physical machine, the benefits of which include load balancing as well as fail-over protection. Two users accessing a web-site at the same time may be talking to 2 separate physical machines although it will appear they are at the same location (load balancing). And, if a physical machine in a cluster becomes inoperable the software will automatically remove it from that cluster to prevent users accessing an inoperable machine (fail over). The foregoing is a software solution: although some physical hardware is required, the “clustering agent” is not tightly bound to hardware. According to a Hardware approach, the software required is tightly bound to hardware, as is the case with the Cisco 7200 series router that will fail-over to alternate IP (Internet Protocol) based technologies such as: Fast Ethernet, Gigabit Ethernet, or Packet Over SONET, which are all proprietary embodiments of the internet protocol and are for use with proprietary hardware, only some of which use a different physical medium (e.g. fibre-optic cable) constituting a different point of access to the internet, rather than a different mode (e.g. a telephone line used for direct-dial between 2 modems). Although the Cisco example involves different communication technologies that are IP-based, the mode of communication is still the internet. For example, Packet Over SONET technology is used for connecting high-speed IP-based networks to the internet via optical fiber.
Although using a different medium of access, resulting in a different point of access, the fail-over operation of the Cisco 7200 series router is between technologies that all use the internet mode, rather than from the internet to a different mode. Neither is the use of internet protocol determinative of mode, since IP may be used to communicate over non-internet networks. Also, the use of a non-IP-based protocol in any portion of the communication path is not determinative of whether the primary mode is the internet. For example, X25 uses a network layer protocol called PLP; although PLP is similar to IP, X25 technology has separate hardware and protocols used for passing the data. It is very common to pass information from one IP-based network to another over a high-speed X25 trunk using hardware to convert between IP and PLP on both transmit and receive ends. Cisco routers may be configured to run X25 to enjoy the advantage of a direct high-speed connection between devices each of which otherwise uses IP on a LAN and communicates remotely using the internet. However, if the X25 connection goes down, no alternate mode of communication is attempted. And, there are no known systems, for the delivery of messages, offering a group of alternate modes when the internet or other primary mode is down. Conventional systems using alternate modes of communication would be limited in any event by the lack of compatibility of the different available infrastructures and protocols. It is desirable therefore to have a method for delivering messages, which method takes advantage of devices suitable for switching between different modes of communication.
In emergent circumstances, disadvantageously, without the rapid availability of alternate modes of communication, the opportunity to gain access to certain networks and the devices included in them may be lost. Therefore it is desirable to have a method and system pre-configured to access at least one backup mode of communication with important networks.
Conventionally, test transmissions like the Packet InterNet Groper or “ping” are sent to an external source to test access to devices by sending them one or more Internet Control Message Protocol (“ICMP”) echo requests and waiting for replies. Since “pinging” works at the IP level its server-side may be implemented within the operating system kernel, making it the lowest level test of whether a remote host is alive, such that pinging is often effective even when higher level, TCP-based, services cannot be reached. Also, the Unix command “ping” can be used to measure round-trip delays in case the primary mode, although operational, is congested. ICMP is an extension to the Internet Protocol (IP) that allows for the generation of error messages, test packets, and informational messages related to IP.
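As an added example, not part of the application, the following Python implements the pre-configured mode selection the preceding paragraphs call for, using the ping measurement just described as the liveness and congestion test: modes are probed in priority order (the probe shown shells out to the system ping command, but any probe callable works), the first mode that answers within a congestion threshold is chosen, and if every reachable mode is congested the least delayed one is used. The mode names, probe hosts, threshold and sample round-trip times are constructed assumptions.

```python
import platform
import subprocess
import time
from dataclasses import dataclass
from typing import Callable, Optional, Sequence, Tuple

# Constructed assumption: a round-trip delay above this means the mode is congested.
CONGESTION_THRESHOLD_MS = 500.0


@dataclass(frozen=True)
class Mode:
    name: str        # e.g. "internet", "direct-dial", "satellite" (constructed names)
    probe_host: str  # host whose ICMP echo reply proves this mode is usable


def ping_probe(mode: Mode, timeout_s: float = 2.0) -> Optional[float]:
    """Send one ICMP echo request with the system ping command.
    Returns the round-trip time in milliseconds measured around the command
    (so it includes process start-up), or None if the host does not reply."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    started = time.monotonic()
    try:
        completed = subprocess.run(["ping", count_flag, "1", mode.probe_host],
                                   capture_output=True, timeout=timeout_s)
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return None
    if completed.returncode != 0:
        return None
    return (time.monotonic() - started) * 1000.0


def select_mode(modes: Sequence[Mode],
                probe: Callable[[Mode], Optional[float]] = ping_probe,
                threshold_ms: float = CONGESTION_THRESHOLD_MS) -> Optional[Tuple[str, float]]:
    """Walk the modes in priority order and return (name, rtt_ms) for the first one
    that replies within the congestion threshold. If every reachable mode is
    congested, fall back to the least delayed of them; return None if nothing replies."""
    least_congested: Optional[Tuple[str, float]] = None
    for mode in modes:
        rtt = probe(mode)
        if rtt is None:
            continue                       # mode down: failed cable, router or server
        if rtt <= threshold_ms:
            return mode.name, rtt          # operational and not congested: use it
        if least_congested is None or rtt < least_congested[1]:
            least_congested = (mode.name, rtt)
    return least_congested


# Pre-configured primary mode and backups, in priority order (constructed hosts).
MODES = (
    Mode("internet", "gateway.example"),
    Mode("direct-dial", "modem-bank.example"),
    Mode("satellite", "sat-hub.example"),
)

# Constructed sample measurements standing in for real ping results: the internet
# leg is down, direct-dial answers but slowly, satellite answers even more slowly.
SAMPLE_RTTS = {"internet": None, "direct-dial": 900.0, "satellite": 1200.0}


def sample_probe(mode: Mode) -> Optional[float]:
    return SAMPLE_RTTS[mode.name]


if __name__ == "__main__":
    print(select_mode(MODES, sample_probe))   # primary down, least congested backup chosen
```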
The applicant's U.S. application Ser. No. 10/326,226 discloses a proxy method, messaging protocol, and a robust but flexible security model that are suitable for use securely delivering messages with such a system for switching between different modes of communication.